Merge pull request #195 from openedx/jenkins/upgrade-python-requireme…

…nts-2db0b63 Python Requirements Update
openedx · Jan 18, 2024 · 86045dc · 86045dc
2 parents 2db0b63 + f18067a
commit 86045dc
Show file tree

Hide file tree

Showing 13 changed files with 509 additions and 452 deletions.
diff --git a/enterprise_subsidy/apps/api/v1/tests/mixins.py b/enterprise_subsidy/apps/api/v1/tests/mixins.py
@@ -53,6 +53,12 @@ def _jwt_token_from_role_context_pairs(self, role_context_pairs, include_user_id
         payload['roles'] = roles
         if include_user_id:
             payload['user_id'] = STATIC_LMS_USER_ID
+        else:
+            # For some reason, generate_unversioned_payload() automatically borrows the `id` from the provided user for
+            # the `user_id` in the generated payload, so we should delete it when the caller doesn't want to include a
+            # user_id.  In the real world, the JWT user_id being the exact same as the IDA User's `id` would be
+            # extremely unlikely.
+            del payload['user_id']
         return generate_jwt_token(payload)
 
     def set_jwt_cookie(self, role_context_pairs=None, include_user_id=True):

diff --git a/requirements/base.txt b/requirements/base.txt
@@ -5,35 +5,37 @@
 #    make upgrade
 #
 asgiref==3.7.2
-    # via django
+    # via
+    #   django
+    #   django-cors-headers
 async-timeout==4.0.3
     # via redis
-attrs==23.1.0
+attrs==23.2.0
     # via
     #   jsonschema
     #   openedx-events
     #   referencing
 backports-zoneinfo==0.2.1
     # via django
-certifi==2023.7.22
+certifi==2023.11.17
     # via requests
 cffi==1.16.0
     # via
     #   cryptography
     #   pynacl
-charset-normalizer==3.3.0
+charset-normalizer==3.3.2
     # via requests
 click==8.1.7
     # via edx-django-utils
-cryptography==41.0.4
+cryptography==41.0.7
     # via
     #   pyjwt
     #   social-auth-core
 defusedxml==0.8.0rc2
     # via
     #   python3-openid
     #   social-auth-core
-django==4.2.5
+django==4.2.9
     # via
     #   -c requirements/constraints.txt
     #   -r requirements/base.in
@@ -60,7 +62,7 @@ django==4.2.5
     #   social-auth-app-django
 django-clearcache==1.2.1
     # via -r requirements/base.in
-django-cors-headers==4.2.0
+django-cors-headers==4.3.1
     # via -r requirements/base.in
 django-crum==0.7.9
     # via
@@ -70,7 +72,7 @@ django-extensions==3.2.3
     # via
     #   -r requirements/base.in
     #   openedx-ledger
-django-filter==23.3
+django-filter==23.5
     # via
     #   -r requirements/base.in
     #   openedx-ledger
@@ -84,15 +86,15 @@ django-object-actions==4.2.0
     #   openedx-ledger
 django-simple-history==3.4.0
     # via
-    #   -c requirements/common_constraints.txt
+    #   -c requirements/constraints.txt
     #   -r requirements/base.in
     #   openedx-ledger
-django-waffle==4.0.0
+django-waffle==4.1.0
     # via
     #   -r requirements/base.in
     #   edx-django-utils
     #   edx-drf-extensions
-djangoql==0.17.1
+djangoql==0.18.1
     # via
     #   -r requirements/base.in
     #   openedx-ledger
@@ -105,7 +107,7 @@ djangorestframework==3.14.0
     #   edx-drf-extensions
 drf-jwt==1.19.2
     # via edx-drf-extensions
-drf-spectacular==0.26.5
+drf-spectacular==0.27.0
     # via -r requirements/base.in
 drf-yasg==1.21.7
     # via -r requirements/base.in
@@ -115,14 +117,14 @@ edx-django-release-util==1.3.0
     # via
     #   -r requirements/base.in
     #   openedx-ledger
-edx-django-utils==5.7.0
+edx-django-utils==5.9.0
     # via
     #   -r requirements/base.in
     #   edx-drf-extensions
     #   edx-rest-api-client
     #   getsmarter-api-clients
     #   openedx-ledger
-edx-drf-extensions==8.10.0
+edx-drf-extensions==9.1.2
     # via
     #   -r requirements/base.in
     #   edx-rbac
@@ -134,15 +136,15 @@ edx-rbac==1.8.0
     # via
     #   -r requirements/base.in
     #   openedx-ledger
-edx-rest-api-client==5.6.0
+edx-rest-api-client==5.6.1
     # via -r requirements/base.in
-fastavro==1.8.3
+fastavro==1.9.3
     # via openedx-events
 getsmarter-api-clients==0.6.1
     # via -r requirements/base.in
-idna==3.4
+idna==3.6
     # via requests
-importlib-resources==6.1.0
+importlib-resources==6.1.1
     # via
     #   jsonschema
     #   jsonschema-specifications
@@ -154,36 +156,36 @@ jsonfield2==4.0.0.post0
     # via
     #   -r requirements/base.in
     #   openedx-ledger
-jsonschema==4.19.1
+jsonschema==4.20.0
     # via drf-spectacular
-jsonschema-specifications==2023.7.1
+jsonschema-specifications==2023.12.1
     # via jsonschema
-mysqlclient==2.2.0
+mysqlclient==2.2.1
     # via
     #   -r requirements/base.in
     #   openedx-ledger
-newrelic==9.1.0
+newrelic==9.5.0
     # via edx-django-utils
 oauthlib==3.2.2
     # via
     #   getsmarter-api-clients
     #   requests-oauthlib
     #   social-auth-core
-openedx-events==8.6.0
+openedx-events==9.2.0
     # via
     #   -r requirements/base.in
     #   openedx-ledger
 openedx-ledger==1.3.2
     # via -r requirements/base.in
 packaging==23.2
     # via drf-yasg
-pbr==5.11.1
+pbr==6.0.0
     # via stevedore
 pkgutil-resolve-name==1.3.10
     # via jsonschema
 ply==3.11
     # via djangoql
-psutil==5.9.5
+psutil==5.9.7
     # via edx-django-utils
 pycparser==2.21
     # via cffi
@@ -193,6 +195,7 @@ pyjwt[crypto]==2.8.0
     #   edx-auth-backends
     #   edx-drf-extensions
     #   edx-rest-api-client
+    #   pyjwt
     #   social-auth-core
 pymemcache==4.0.0
     # via -r requirements/base.in
@@ -216,7 +219,7 @@ pyyaml==6.0.1
     #   edx-django-release-util
 redis==5.0.1
     # via openedx-ledger
-referencing==0.30.2
+referencing==0.32.1
     # via
     #   jsonschema
     #   jsonschema-specifications
@@ -231,7 +234,7 @@ requests-oauthlib==1.3.1
     # via
     #   getsmarter-api-clients
     #   social-auth-core
-rpds-py==0.10.3
+rpds-py==0.17.1
     # via
     #   jsonschema
     #   referencing
@@ -248,9 +251,9 @@ six==1.16.0
     #   edx-rbac
 slumber==0.7.1
     # via edx-rest-api-client
-social-auth-app-django==5.3.0
+social-auth-app-django==5.4.0
     # via edx-auth-backends
-social-auth-core==4.4.2
+social-auth-core==4.5.1
     # via
     #   edx-auth-backends
     #   social-auth-app-django
@@ -260,15 +263,16 @@ stevedore==5.1.0
     # via
     #   edx-django-utils
     #   edx-opaque-keys
-typing-extensions==4.8.0
+typing-extensions==4.9.0
     # via
     #   asgiref
+    #   drf-spectacular
     #   edx-opaque-keys
 uritemplate==4.1.1
     # via
     #   drf-spectacular
     #   drf-yasg
-urllib3==2.0.5
+urllib3==2.1.0
     # via requests
 zipp==3.17.0
     # via importlib-resources
diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -4,27 +4,35 @@
 #
 #    make upgrade
 #
-distlib==0.3.7
+cachetools==5.3.2
+    # via tox
+chardet==5.2.0
+    # via tox
+colorama==0.4.6
+    # via tox
+distlib==0.3.8
     # via virtualenv
-filelock==3.12.4
+filelock==3.13.1
     # via
     #   tox
     #   virtualenv
 packaging==23.2
-    # via tox
-platformdirs==3.10.0
-    # via virtualenv
+    # via
+    #   pyproject-api
+    #   tox
+platformdirs==4.1.0
+    # via
+    #   tox
+    #   virtualenv
 pluggy==1.3.0
     # via tox
-py==1.11.0
-    # via tox
-six==1.16.0
+pyproject-api==1.6.1
     # via tox
 tomli==2.0.1
-    # via tox
-tox==3.28.0
     # via
-    #   -c requirements/common_constraints.txt
-    #   -r requirements/ci.in
-virtualenv==20.24.5
+    #   pyproject-api
+    #   tox
+tox==4.12.0
+    # via -r requirements/ci.in
+virtualenv==20.25.0
     # via tox
diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt
@@ -1,3 +1,7 @@
+# This is a temporary solution to override the real common_constraints.txt
+# In edx-lint, until the pyjwt constraint in edx-lint has been removed.
+# See BOM-2721 for more details.
+# Below is the copied and edited version of common_constraints
 
 # A central location for most common version constraints
 # (across edx repos) for pip-installation.
@@ -12,10 +16,13 @@
 # Note: Changes to this file will automatically be used by other repos, referencing
 #  this file from Github directly. It does not require packaging in edx-lint.
 
+
+# using LTS django version
+
+
 # elasticsearch>=7.14.0 includes breaking changes in it which caused issues in discovery upgrade process.
 # elastic search changelog: https://www.elastic.co/guide/en/enterprise-search/master/release-notes-7.14.0.html
 elasticsearch<7.14.0
 
-# tox>4.0.0 isn't yet compatible with many tox plugins, causing CI failures in almost all repos.
-# Details can be found in this discussion: https://github.com/tox-dev/tox/discussions/1810
-tox<4.0.0
+# django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected
+3.0.0